Secure CA Gateway - PowerPoint PPT Presentation

About This Presentation
Title:

Secure CA Gateway

Description:

Title: SecureCAGateway Author: Yamamoto Noboru Last modified by: Yamamoto Noboru Created Date: 4/26/2005 4:03:32 PM Document presentation format: – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 7
Provided by: Yama65
Category:
Tags: gateway | inside | secure

less

Transcript and Presenter's Notes

Title: Secure CA Gateway


1
Secure CA Gateway
  • EPICS meeting at SLAC
  • April 26, 2005
  • N. Yamamoto

2
GAN operation scenario
LOCAL Control
Remote Control
Remote Control
3
Access to a control system from outside of Lab.
  • Allow safe access from outside of lab.
  • Safe connection to hosts in the control system.
  • VLAN
  • Dedicated Line
  • SSH tunnel from the Internet
  • login to one of CPU in control system.
  • Once user login to the hosts, it is difficult to
    distingush access from outside and access from
    inside lab.
  • Allow user to use same tools on there PC/NB.
  • Secure CA
  • identificationPKI
  • secure connection SSL
  • Access priviledge management
  • Enhance CA gateway to support secure
    connectionSecure CA Gateway

4
Secure CA Gateway
Internet
  • Use PKI to identify and authenticate the user
  • Use SSL for secure connection
  • Access control management system have to be
    implemented
  • description of
  • Assume access from the inside hosts are safe.

AccessDB
Management ServerGW
LAN
ASG
5
Keypoints for secure CA GW
  • flexibility
  • Allow to introduce new context.
  • transparency
  • Can be introduced without large modification to
    existing system.
  • security
  • Must be secure under remote operation
    environment.
  • performance
  • Keep there performance. or Take a balance with
    Flexibility, Transparency, security

6
We need to modify...
  • CA client library
  • Authetification on opening the connection to the
    server
  • SSL support
  • Gateway
  • authentication using PKI
  • SSL support
  • Access to privilege control database
  • QueryChannel name and PKI identification, (and
    access point), as a key.
  • Configuration
  • Change configuration dynamically
  • reserve a set of channels for a particular
    user/group for modification.
Write a Comment
User Comments (0)
About PowerShow.com